Recent Advances in Intrusion Detection

1. Front Matter

   Pages I-X

   PDF

2. Modeling Attacks

   1. From Declarative Signatures to Misuse IDS

      • Jean-Philippe Pouzol, Mireille Ducasé

      Pages 1-21

3. Logging and IDS Integration

   1. Application-Integrated Data Collection for Security Monitoring

      • Magnus Almgren, Ulf Lindqvist

      Pages 22-36

   2. Interfacing Trusted Applications with Intrusion Detection Systems

      • Marc Welz, Andrew Hutchison

      Pages 37-53

4. IDS Cooperation

   1. Probabilistic Alert Correlation

      • Alfonso Valdes, Keith Skinner

      Pages 54-68

   2. Designing a Web of Highly-Configurable Intrusion Detection Sensors

      • Giovanni Vigna, Richard A. Kemmerer, Per Blix

      Pages 69-84

   3. Aggregation and Correlation of Intrusion-Detection Alerts

      • Hervé Debar, Andreas Wespi

      Pages 85-103

5. Anomaly Detection

   1. Accurately Detecting Source Code of Attacks That Increase Privilege

      • Robert K. Cunningham, Craig S. Stevenson

      Pages 104-116

   2. CDIS: Towards a Computer Immune System for Detecting Network Intrusions

      • Paul D. Williams, Kevin P. Anchor, John L. Bebo, Gregg H. Gunsch, Gary D. Lamont

      Pages 117-133

6. Intrusion Tolerance

   1. Autonomic Response to Distributed Denial of Service Attacks

      • Dan Sterne, Kelly Djahandari, Brett Wilson, Bill Babson, Dan Schnackenberg, Harley Holliday et al.

      Pages 134-149

7. Legal Aspects

   1. The Impact of Privacy and Data Protection Legislation on the Sharing of Intrusion Detection Information

      • Steven R. Johnston

      Pages 150-171

8. Specification-Based IDS

   1. Experiences with Specification-Based Intrusion Detection

      • Prem Uppuluri, R. Sekar

      Pages 172-189

   2. System Health and Intrusion Monitoring Using a Hierarchy of Constraints

      • Calvin Ko, Paul Brutch, Jeff Rowe, Guy Tsafnat, Karl Levitt

      Pages 190-203

9. Back Matter

   Pages 205-205

   PDF

On behalf of the program committee, it is our pleasure to present to you the proceedings of the fourth Recent Advances in Intrusion Detection Symposium. The RAID 2001program committee received 55 paper submissions from 13 countries. All submissions were carefully reviewed by several members of the program committee on the criteria of scienti?c novelty, importance to the ?eld, and technical quality. Final selection took place at a meeting held on May 16-17 in Oakland, California. Twelve papers were selected for presentation and pub- cation in the conference proceedings. In addition, nine papers, presenting work in progress, were selected for presentation. The program included both fundamental research and practical issues: l- ging and IDS integration, attack modeling, anomaly detection, speci?cati- based IDS, IDS assessment, IDS cooperation, intrusion tolerance, and legal - pects. RAID 2001also hosted two panels, one on “The Present and Future of IDS Testing Methodologies,” a subject of major concern for all IDS users and de- gners, and one on “Intrusion Tolerance,” an emerging research area of increasing importance. Dr. Bill Hancock, Senior Vice President and Chief Security O?cer of Exodus Communications, Inc., delivered a keynote speech “Real world intrusion det- tion or how not to become a deer in the headlights of an attacker’s car on the information superhighway”. The slides presented by the authors, the 9 papers which are not in the p- ceedings, and the slides presented by the panelists are available on the website of the RAID symposium series, http://www.raid-symposium.org/.

• Audit control
• Code
• Computer
• Denial of Service
• Information
• Intrusion Detection
• Logging
• authentication
• cryptanalysis
• cryptographic attacks
• data mining
• distributed intrusion
• privacy
• security
• trust

• Georgia Institute of Technology, College of Computing, Atlanta, USA

  Wenke Lee

• SUPELEC, Cesson Sevigne Cedex, France

  Ludovic Mé

• IBM Research, Zurich Research Laboratory, Rüschlikon, Switzerland

  Andreas Wespi

Policies and ethics